Cisco Virtual Network Management Center GUI Configuration Guide, Release 1.2
Configuring Security Policies

This chapter includes the following sections:

Security Policies

Cisco VNMC security policies provide options to create security profiles and policies. A security profile and policies can be configured at any organizational level.

Security Profile

A Cisco VNMC security profile is a set of custom security attributes and one assigned policy set. The security profile is added to the port profile for the Nexus 1000V VSM. The port profile is assigned to the Nexus 1000V VSM vNic, making the security profile part of the virtual machine (VM). Adding a security profile to the VM allows the addition of custom attributes to the VM. Firewall rules can be written using custom attributes such that traffic between VMs can be allowed to pass or be dropped. You can also add security policies in the same GUI pane where you are adding security profiles.

There is a pre-configured default security profile at root level. The default security profile points to the default policy set. The default security profile can be edited but cannot be deleted.

Policies

A Cisco VNMC supports a number of policies. The policies are as follows:

  1. Policy set—The policy set contains the policy, the rule, the zone, and the object group. Once the policy set is created, it can be assigned to a security profile. An existing default policy set is automatically assigned at system boot up.
  2. Policy—A policy contains rules, which can be ordered. An existing default policy is automatically assigned at system boot up. The default policy has a default rule whose action is drop.
  3. Rule—A rule contains the conditions for regulating traffic. The default policy has a default rule whose action is drop. Conditions for a rule can be set using the network, custom, and virtual machine attributes.
  4. Object group—An object group can be created under an organization node. It defines a collection of condition expressions on a specific system-defined attribute or on a custom attribute. An object group can be referred to in a policy rule condition when a member or not-member operator is selected. The rule condition referring to the object group evaluates to true if any of the expressions in the object group evaluate to true.
  5. Security Profile Dictionary—A Cisco VNMC security profile dictionary is a logical collection of security attributes. You define dictionary attributes for use in a security profile. A security profile dictionary is created at the root or tenant node. You can only create one dictionary for a tenant and only one dictionary for the root. The security profile dictionary allows the user to define names of custom attributes. Custom attribute values are specified on security profile objects. Custom attributes can be used to define policy rule conditions. Attributes configured in a root level dictionary can be used by any tenant. Creation of a dictionary below tenant level is not supported.
  6. Zone—A zone defines a set of virtual machines based on conditions. The zone name is used in the authoring rules.

Security policies are created and then pushed to the Cisco VSG.
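
The policy model described in the list above, as an added example that is not part of the Cisco guide or of VNMC itself: ordered rules, object-group `member`/`not-member` conditions, and the default drop. The `eq`/`neq` operator names, the `tier` and `state` custom attributes, first-match evaluation, AND-combined conditions, and failing closed on a missing attribute are assumptions made for illustration.

```python
from dataclasses import dataclass

ACTIONS = ("drop", "permit", "reset")  # actions offered in the Add Rule dialog


@dataclass(frozen=True)
class Expression:
    """One object-group expression: an operator plus a value."""
    op: str      # "eq" / "neq" are assumed operator names
    value: str

    def test(self, actual: str) -> bool:
        if self.op == "eq":
            return actual == self.value
        if self.op == "neq":
            return actual != self.value
        raise ValueError(f"unsupported operator: {self.op}")


@dataclass(frozen=True)
class ObjectGroup:
    """Expressions on one attribute; true if ANY expression is true."""
    attribute: str
    expressions: tuple

    def contains(self, actual: str) -> bool:
        return any(e.test(actual) for e in self.expressions)


@dataclass(frozen=True)
class Condition:
    attribute: str
    op: str      # "eq", "neq", "member" or "not-member"
    value: str   # literal value, or an object-group name for member ops

    def test(self, attrs: dict, groups: dict) -> bool:
        actual = attrs.get(self.attribute)
        if actual is None:
            # Assumption: a VM lacking the attribute never satisfies a
            # condition, so "neq"/"not-member" cannot match by accident.
            return False
        if self.op in ("member", "not-member"):
            group = groups[self.value]
            if group.attribute != self.attribute:
                raise ValueError(f"group {self.value} is on {group.attribute}")
            hit = group.contains(actual)
            return hit if self.op == "member" else not hit
        return Expression(self.op, self.value).test(actual)


@dataclass(frozen=True)
class Rule:
    name: str
    action: str
    source: tuple = ()
    destination: tuple = ()

    def __post_init__(self):
        if self.action not in ACTIONS:
            raise ValueError(f"unknown action: {self.action}")

    def matches(self, src: dict, dst: dict, groups: dict) -> bool:
        # Assumption: every condition in a rule must hold (logical AND).
        return (all(c.test(src, groups) for c in self.source)
                and all(c.test(dst, groups) for c in self.destination))


def evaluate(rules, src, dst, groups):
    """Return (rule name, action) of the first matching rule, else default drop."""
    for rule in rules:
        if rule.matches(src, dst, groups):
            return rule.name, rule.action
    return "default", "drop"  # placeholder name for the default rule


# Constructed sample data: one object group and four ordered rules.
GROUPS = {
    "internal": ObjectGroup("tier", (Expression("eq", "app"),
                                     Expression("eq", "db"))),
}
RULES = [
    Rule("quarantine", "drop",
         source=(Condition("state", "eq", "quarantined"),)),
    Rule("internal-east-west", "permit",
         source=(Condition("tier", "member", "internal"),),
         destination=(Condition("tier", "member", "internal"),)),
    Rule("web-to-app", "permit",
         source=(Condition("tier", "eq", "web"),),
         destination=(Condition("tier", "eq", "app"),)),
    Rule("web-to-web", "permit",
         source=(Condition("tier", "not-member", "internal"),),
         destination=(Condition("tier", "not-member", "internal"),)),
]

if __name__ == "__main__":
    infected = {"tier": "app", "state": "quarantined"}
    print(evaluate(RULES, infected, {"tier": "db"}, GROUPS))
    # Moving the permit rule above the quarantine rule changes the verdict.
    print(evaluate([RULES[1], RULES[0]] + RULES[2:], infected, {"tier": "db"}, GROUPS))
```

Running the same traffic through a reordered rule list is a quick way to review the effect of an Up/Down arrow change before the policy is pushed.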

Configuring Security Profiles

Adding a Security Profile

Procedure
    Step 1   In the Navigation pane, click the Policy Management tab.
    Step 2   In the Navigation pane, click the Security Policies subtab.
    Step 3   In the Navigation pane, expand root > Security Profiles.
    Step 4   In the Work pane, click the Add Security Profile link.
    Note   

    You can add the component at any organizational level.

    Step 5   In the Add Security Profile dialog box, General tab area, complete the following fields:
    Name Description

    Name field

    The name of the security profile.

    This name can be between 1 and 32 identifier characters. You can use alphanumeric characters including hyphen, underscore, dot, and colon. You cannot change this name after it is saved.

    Description field

    A description of the security profile.

    This description can be between 1 and 256 identifier characters. You can use alphanumeric characters including hyphens, underscore, dot, and colon. You cannot change this description after it is saved.

    Policy Set drop-down list

    A selectable drop-down list of policy sets.

    Add Policy Set link

    A link to add a policy set.

    Resolved Policy Set field

    A link to edit the resolved policy set.

    Table 1 Resolved Policies Area
    Name Description

    (Un)assign Policy link

    The link to unassign a policy.

    Name column

    The name of the rule.

    Source Condition column

    Contains the source condition specified.

    Destination Condition column

    Contains the destination condition specified.

    Protocol column

    Contains the protocol specified.

    Ethertype column

    Contains the Ethertype specified.

    Action column

    Contains the action specified for the rule.

    Description column

    Contains a description for the rule.

    Step 6   In the Add Security Profile dialog box, Attributes tab area, complete the following fields:
    Name Description

    Add link

    The link opens a dialog box where you can add an attribute.

    Name column

    The name of the attribute.

    Value column

    The attribute value.

    Step 7   Click OK.

Editing a Security Profile

Procedure
      Step 1   In the Navigation pane, click the Policy Management tab.
      Step 2   In the Navigation pane, click the Security Policies subtab.
      Step 3   In the Navigation pane, expand root > Security Profiles.
      Step 4   In the Work pane, click the security profile you want to edit.
      Step 5   Click the Edit link.
      Step 6   In the Edit Security Profile dialog box, General tab area, modify the following fields as appropriate:
      Name Description

      Name field

      The name of the security profile.

      Description field

      A user-defined description of the object.

      Policy Set drop-down list

      A selectable drop-down list of policy sets.

      Resolved Policy Set field

      A link to edit the resolved policy set.

      Table 2 Resolved Policies Area
      Name Description

      (Un)assigned Policy column

      The link to a dialog box where you can assign or unassign policies.

      Source Condition column

      Contains the source condition specified.

      Destination Condition column

      Contains the destination condition specified.

      Protocol column

      Contains the protocol specified.

      Ethertype column

      Contains the Ethertype specified.

      Action column

      Contains the action specified for the rule.

      Description column

      A description of the component.

      Step 7   In the Edit Security Profile dialog box, Attributes tab area, modify the following fields as appropriate:
      Name Description

      Add link

      Allows you to add a Security Profile attribute.

      Name column

      The name of the Security Profile attribute.

      Value column

      A value for the attribute.

      Step 8   Click OK.

Deleting a Security Profile

Procedure
        Step 1   In the Navigation pane, click the Policy Management tab.
        Step 2   In the Navigation pane, click the Security Policies subtab.
        Step 3   In the Navigation pane, expand root > Security Profiles.
        Step 4   In the Work pane, click the security profile you want to delete.
        Step 5   Click the Delete link.
        Step 6   In the Confirm dialog box, click OK.

Deleting a Security Profile Attribute

Procedure
          Step 1   In the Navigation pane, click the Policy Management tab.
          Step 2   In the Navigation pane, click the Security Policies subtab.
          Step 3   In the Navigation pane, expand root > Security Profiles.
          Step 4   In the Navigation pane, click the security profile that contains the attribute you want to delete.
          Step 5   In the Work pane, click the Attributes tab.
          Step 6   Click the attribute you want to delete.
          Step 7   Click the Delete link.
          Step 8   In the Confirm dialog box, click OK.

Assigning a Policy

Procedure
            Step 1   In the Navigation pane, click the Policy Management tab.
            Step 2   In the Navigation pane, click the Security Policies subtab.
            Step 3   In the Navigation pane, expand root > Security Profiles.
            Step 4   In the Navigation pane, click the profile where you want to assign the policy.
            Step 5   In the Work pane, click the (Un)assign Policy link.
            Step 6   In the (Un)assign Policy dialog box, move the policy you want assigned to the Assigned list.
            Step 7   Click OK.

Unassigning a Policy

Procedure
              Step 1   In the Navigation pane, click the Policy Management tab.
              Step 2   In the Navigation pane, click the Security Policies subtab.
              Step 3   In the Navigation pane, expand root > Security Profiles.
              Step 4   In the Navigation pane, click the profile where you want to unassign the policy.
              Step 5   In the Work pane, click the (Un)assign Policy link.
              Step 6   In the (Un)assign Policy dialog box, move the policy you want unassigned to the Available list.
              Step 7   Click OK.

Configuring Security Policy Attributes

Configuring Object Groups

Adding an Object Group

Procedure
                Step 1   In the Navigation pane, click the Policy Management tab.
                Step 2   In the Navigation pane, click the Security Policies subtab.
                Step 3   In the Navigation pane, expand root > Advanced > Object Groups.
                Step 4   In the Work pane, click the Add Object Group link.
                Note   

                You can add the component at any organizational level.

                Step 5   In the Add Object Group dialog box, complete the following fields:
                Name Description

                Name field

                The name of the object group.

                This name can be between 1 and 32 identifier characters. You can use alphanumeric characters including hyphen, underscore, dot, and colon. You cannot change this name after it is saved.

                Description field

                A description of the object group.

                This description can be between 1 and 256 identifier characters. You can use alphanumeric characters including hyphens, underscore, dot, and colon. You cannot change this description after it is saved.

                Attribute Type drop-down list

                The attribute types available to select.

                Attribute Name drop-down list

                The attribute names available to select.

                Add Attribute link

                The link opens a dialog box where you can add an attribute.

                Resolved Attribute field

                The resolved attribute link.

                Step 6   Click OK.

Adding an Object Group Expression

Procedure
                  Step 1   In the Navigation pane, click the Policy Management tab.
                  Step 2   In the Navigation pane, click the Security Policies subtab.
                  Step 3   In the Navigation pane, expand root > Advanced > Object Groups.
                  Step 4   In the Work pane, click the Add Object Group link.
                  Note   

                  You can add the component at any organizational level.

                  Step 5   In the Add Object Group dialog box, click the Add link.
                  Step 6   In the Add Object Group Expression dialog box, complete the following fields:
                  Name Description

                  Attribute Name field

                  The name of the attribute.

                  Operator drop-down list

                  The list of selectable operators.

                  Attribute Value field

                  The value of the attribute.

                  Step 7   Click OK.

Editing an Object Group

Procedure
                    Step 1   In the Navigation pane, click the Policy Management tab.
                    Step 2   In the Navigation pane, click the Security Policies subtab.
                    Step 3   In the Navigation pane, expand root > Advanced > Object Groups.
                    Step 4   In the Work pane, click the object group you want to edit.
                    Step 5   Click the Edit link.
                    Step 6   In the Edit Object Group dialog box General tab area, edit the appropriate fields:
                    Name Description

                    Name field

                    The name of the object group.

                    This field cannot be edited on this tab.

                    Description field

                    The description of the object group.

                    This description can be between 1 and 256 identifier characters. You can use alphanumeric characters including hyphens, underscore, dot, and colon. You cannot change this description after it is saved.

                    Attribute Type drop-down list

                    A list that contains attribute types.

                    Attribute Name drop-down list

                    A list that contains attribute names.

                    Table 3 Expression Area
                    Name Description

                    Operator column

                    The operator used.

                    Value column

                    The attribute value.

                    Step 7   Click OK.

Editing an Object Group Expression

Procedure
                      Step 1   In the Navigation pane, click the Policy Management tab.
                      Step 2   In the Navigation pane, click the Security Policies subtab.
                      Step 3   In the Navigation pane, expand root > Advanced > Object Groups and click the object group where you want to edit an expression.
                      Step 4   In the Work pane, click the Edit link in the Expression area.
                      Step 5   In the Expressions area, click the expression you want to edit.
                      Step 6   In the Edit Expression dialog box modify the appropriate fields:
                      Name Description

                      Attribute Name field

                      The name of the attribute.

                      Operator drop-down list

                      The list of selectable operators.

                      Attribute Value field

                      The value of the attribute.

                      Step 7   Click OK.

Deleting an Object Group

Procedure
                        Step 1   In the Navigation pane, click the Policy Management tab.
                        Step 2   In the Navigation pane, click the Security Policies subtab.
                        Step 3   In the Navigation pane, expand root > Advanced > Object Groups.
                        Step 4   In the Navigation pane, click the Object Groups node.
                        Step 5   In the Work pane, click the object group you want to delete.
                        Step 6   Click the Delete link.
                        Step 7   In the Confirm dialog box, click Yes.

Deleting an Object Group Expression

Procedure
                          Step 1   In the Navigation pane, click the Policy Management tab.
                          Step 2   In the Navigation pane, click the Security Policies subtab.
                          Step 3   In the Navigation pane, expand root > Advanced > Object Groups.
                          Step 4   In the Navigation pane, click the object group that contains the expression you want to delete.
                          Step 5   In the Expression area, click the expression you want to delete.
                          Step 6   Click the Delete link.
                          Step 7   In the Confirm dialog box, click Yes.

Configuring a Policy

Adding a Policy

Procedure
                            Step 1   In the Navigation pane, click the Policy Management tab.
                            Step 2   In the Navigation pane, click the Security Policies subtab.
                            Step 3   In the Navigation pane, expand root > Advanced > Policies.
                            Step 4   In the Work pane, click the Add Policy link.
                            Step 5   In the Add Policy dialog box, complete the following fields:
                            Name Description

                            Name

                            The name of the policy.

                            This name can be between 1 and 32 identifier characters. You can use alphanumeric characters including hyphen, underscore, dot, and colon. You cannot change this name after it is saved.

                            Description

                            The description of the policy.

                            This description can be between 1 and 256 identifier characters. You can use alphanumeric characters including hyphens, underscore, dot, and colon. You cannot change this description after it is saved.

                            Table 4 Rules Area
                            Name Description

                            Add Rule link

                            Opens a dialog box that allows you to add a rule.

                            Up and Down arrows

                            Changes the priority of the selected policies.

                            Name column

                            Contains the rule names.

                            Source Condition column

                            Contains the source condition specified.

                            Destination Condition column

                            Contains the destination condition specified.

                            Protocol column

                            Contains the protocol specified.

                            Ethertype column

                            Contains the EtherType specified.

                            Action column

                            Contains the action specified for the rule.

                            Description column

                            Contains a description for the rule.

                            Step 6   Click OK.

Editing a Policy

Procedure
                              Step 1   In the Navigation pane, click the Policy Management tab.
                              Step 2   In the Navigation pane, click the Security Policies subtab.
                              Step 3   In the Navigation pane, expand root > Advanced > Policies.
                              Step 4   In the Work pane, click the policy you want to edit.
                              Step 5   Click the Edit link.
                              Step 6   In the Edit Policy dialog box, General tab area, modify the following fields as appropriate:
                              Name Description

                              Name field

                              A component name.

                              Description field

                              A component description.

                              Table 5 Rules Area
                              Name Description

                              Add Rule link

                              Opens a dialog box that allows you to add a rule.

                              Up and Down arrows

                              Changes the priority of the selected policies.

                              Name column

                              Contains the rule names.

                              Source Condition column

                              Contains the source condition specified.

                              Destination Condition column

                              Contains the destination condition specified.

                              Protocol column

                              Contains the protocol specified.

                              Ethertype column

                              Contains the EtherType specified.

                              Action column

                              Contains the action specified for the rule.

                              Description column

                              Contains a description for the rule.

                              Step 7   Click Apply, and then click OK.

Deleting a Rule-Based Policy

Procedure
                                Step 1   In the Navigation pane, click the Policy Management tab.
                                Step 2   In the Navigation pane, click the Security Policies subtab.
                                Step 3   In the Navigation pane, expand root > Advanced > Policies.
                                Step 4   In the Work pane, click the policy you want to delete.
                                Step 5   Click the Delete link.
                                Step 6   In the Confirm dialog box, click Yes.

Adding a Rule

Procedure
                                  Step 1   In the Navigation pane, click the Policy Management tab.
                                  Step 2   In the Navigation pane, click the Security Policies subtab.
                                  Step 3   In the Navigation pane, expand root > Advanced > Policies.
                                  Step 4   In the Work pane, click the Add Policy link.
                                  Note   

                                  You can add the component at any organizational level.

                                  Step 5   In the Add Policy dialog box, click the Add Rule link.
                                  Step 6   In the Add Rule dialog box, complete the following fields:
                                  Name Description

                                  Name field

                                  The name of the rule.

                                  This name can be between 1 and 32 identifier characters. You can use alphanumeric characters including hyphen, underscore, dot, and colon. You cannot change this name after it is saved.

                                  Description field

                                  The description of the rule.

                                  This description can be between 1 and 256 identifier characters. You can use alphanumeric characters including hyphens, underscore, dot, and colon. You cannot change this description after it is saved.

                                  Action to Take area

                                  The area in which you manage actions.

                                  • drop radio button—Click to set the action to drop.
                                  • permit radio button—Click to set the action to permit.
                                  • reset radio button—Click to set the action to reset.

                                  You can also check the log check box to enable logging.

                                  Protocol area

                                  The area in which you set the protocol.

                                  • Any check box—Check to use any protocol, and uncheck to choose a protocol.
                                  • Operator drop-down list—Choose an operator from the drop-down list.
                                  • Value drop-down list—Choose a protocol from the drop-down list.

                                  Ether Type area

                                  The area in which you set the Ethernet type.

                                  • Any check box—Check to use any value, and uncheck to enter a value.
                                  • Operator drop-down list—Choose an operator from the drop-down list.
                                  • Value field—Enter a hex number in the field.
                                  Step 7   In the Source Conditions area, click the Add link to open the Add Source Condition dialog box, and choose the fields as appropriate:
                                  Table 6 Source Conditions Area
                                  Name Description

                                  Add link

                                  Clicking the Add link opens the Add Source Condition dialog box.

                                  Attribute Name column

                                  The name of the attribute.

                                  Operator column

                                  The operator value specified.

                                  Attribute Value column

                                  The attribute value specified.

                                  Step 8   In the Destination Conditions area, click the Add link to open the Add Destination Condition dialog box, and choose the fields as appropriate:
                                  Table 7 Destination Conditions Area
                                  Name Description

                                  Add link

                                  Clicking the Add link opens the Add Destination Condition dialog box.

                                  Attribute Name column

                                  The name of the attribute.

                                  Operator column

                                  The operator value specified.

                                  Attribute Value column

                                  The attribute value specified.

                                  Step 9   Click OK.

Editing a Rule

Procedure
                                    Step 1   In the Navigation pane, click the Policy Management tab.
                                    Step 2   In the Navigation pane, click the Security Policies subtab.
                                    Step 3   In the Navigation pane, expand root > Advanced > Policies > Policy_name where you want to edit a rule.
                                    Step 4   In the Work pane, click the Rule_name you want to edit.
                                    Step 5   Click the Edit link.
                                    Step 6   In the Edit Rule dialog box General tab area, modify the fields:
                                    1. Modify the following fields as appropriate:
                                      Name Description

                                      Name field

                                      The name of the rule.

                                      Description field

                                      A description of the rule.

                                      This description can be between 1 and 256 identifier characters. You can use alphanumeric characters including hyphens, underscore, dot, and colon. You cannot change this description after it is saved.

                                      Action to Take area

                                      The area in which you manage actions.

                                      • drop radio button—Click to set the action to drop.
                                      • permit radio button—Click to set the action to permit.
                                      • reset radio button—Click to set the action to reset.

                                      You can also check the log check box to enable logging.

                                      Protocol area

                                      The area in which you set the protocol.

                                      • Any check box—Check to use any protocol, and uncheck to choose a protocol.
                                      • Operator drop-down list—Choose an operator from the drop-down list.
                                      • Value drop-down list—Choose a protocol from the drop-down list.

                                      Ether Type area

                                      The area in which you set the Ethernet type.

                                      • Any check box—Check to use any value, and uncheck to enter a value.
                                      • Operator drop-down list—Choose an operator from the drop-down list.
                                      • Value field—Enter a hex number in the field.
                                    2. In the Source Conditions area, modify the appropriate fields:
                                      Table 8 Source Conditions Area
                                      Name Description

                                      Add link

                                      Clicking the Add link opens the Add Source Condition dialog box.

                                      Attribute Name column

                                      The name of the attribute.

                                      Operator column

                                      The operator value specified.

                                      Attribute Value column

                                      The attribute value specified.

                                    3. In the Destination Conditions area, modify the appropriate fields:
                                      Table 9 Destination Conditions Area
                                      Name Description

                                      Add link

                                      Clicking the Add link opens the Add Destination Condition dialog box.

                                      Attribute Name column

                                      The name of the attribute.

                                      Operator column

                                      The operator value specified.

                                      Attribute Value column

                                      The attribute value specified.

                                    Step 7   Click OK.
                                    Step 8   In the Policy_name dialog box, click Save.

Deleting a Rule

Procedure
                                      Step 1   In the Navigation pane, click the Policy Management tab.
                                      Step 2   In the Navigation pane, click the Security Policies subtab.
                                      Step 3   In the Navigation pane, expand root > Advanced > Policies.
                                      Step 4   In the Work pane, click the policy where you want to delete a rule.
                                      Step 5   Click the Edit link.
                                      Step 6   In the Edit Policy dialog box, click the rule you want to delete.
                                      Step 7   Click the Delete link.
                                      Step 8   In the Confirm dialog box, click Yes.

Deleting a Source or a Destination Condition

Procedure
                                        Step 1   In the Navigation pane, click the Policy Management tab.
                                        Step 2   In the Navigation pane, click the Security Policies subtab.
                                        Step 3   In the Navigation pane, expand root > Advanced > Policies.

                                        Step 4   In the Navigation pane, click the policy that contains the source or destination condition you want to delete.
                                        Step 5   In the Work pane, click the Edit Rule link.
                                        Step 6   In the Edit Rule dialog box, click the source or destination condition you want to delete.
                                        Step 7   Click the Delete link in the associated area.
                                        Step 8   In the Confirm dialog box, click Yes.

                                        Configuring a Policy Set

                                        Adding a Policy Set

                                        Procedure
                                          Step 1   In the Navigation pane, click the Policy Management tab.
                                          Step 2   In the Navigation pane, click the Security Policies subtab.
                                          Step 3   In the Navigation pane, expand root > Advanced > Policy Sets.
                                          Note   You can add the component at any organizational level.

                                          Step 4   In the Work pane, click the Add Policy Set link.
                                          Step 5   In the Add Policy Set dialog box, General tab area, complete the following fields, and optionally, move policies between the Available and Assigned areas:
                                          Name | Description
                                          Name field | A name for the component. This name can be between 1 and 32 identifier characters. You can use alphanumeric characters including hyphen, underscore, dot, and colon. You cannot change this name after it is saved.
                                          Description field | A user-defined description of the component. This description can be between 1 and 256 identifier characters. You can use alphanumeric characters including hyphens, underscore, dot, and colon. You cannot change this description after it is saved.

                                          Table 10 Policies Area
                                          Name | Description
                                          Add Policy link | Opens a dialog box that allows you to add a policy.
                                          Up and Down arrows | Changes the priority of the selected policies.
                                          Available column | Lists the policies created and available. Use arrows between the columns to move policies to the Assigned column.
                                          Assigned column | Lists the policies assigned to the policy set. Use arrows between the columns to move policies to the Available column.

                                          Step 6   In the Add Policy Set dialog box, click OK.

                                          Editing a Policy Set

                                          Procedure
                                            Step 1   In the Navigation pane, click the Policy Management tab.
                                            Step 2   In the Navigation pane, click the Security Policies subtab.
                                            Step 3   In the Navigation pane, expand root > Advanced > Policy Sets.
                                            Step 4   In the Work pane, click the policy set you want to edit.
                                            Step 5   Click the Edit link.
                                            Step 6   In the Edit Policy Set dialog box, General tab area, modify the following fields as appropriate:
                                            Name | Description
                                            Name field | A name for the component.
                                            Description field | A user-defined description of the component.

                                            Table 11 Policies Area
                                            Name | Description
                                            Add Policy link | Opens a dialog box that allows you to add a policy.
                                            Up and Down arrows | Changes the priority of the selected policies.
                                            Available column | Lists the policies created and available. Use arrows between the columns to move policies to the Assigned column.
                                            Assigned column | Lists the policies assigned to the policy set. Use arrows between the columns to move policies to the Available column.

                                            Step 7   Click OK.

                                            Deleting a Policy Set

                                            Procedure
                                              Step 1   In the Navigation pane, click the Policy Management tab.
                                              Step 2   In the Navigation pane, click the Security Policies subtab.
                                              Step 3   In the Navigation pane, expand root > Advanced > Policy Sets.
                                              Step 4   In the Work pane, click the policy set you want to delete.
                                              Step 5   Click the Delete link.
                                              Step 6   In the Confirm dialog box, click Yes.

                                              Configuring Zones

                                              Adding a vZone

                                              Procedure
                                                Step 1   In the Navigation pane, click the Policy Management tab.
                                                Step 2   In the Navigation pane, click the Security Policies subtab.
                                                Step 3   In the Navigation pane, expand root > Advanced.
                                                Step 4   In the Navigation pane, click the vZones node.
                                                Note   You can add the component at any organizational level.

                                                Step 5   In the Work pane, click the Add vZone link.
                                                Step 6   In the Add vZone dialog box, complete the following fields:
                                                Name | Description
                                                Name field | The name of the vZone. This name can be between 1 and 32 identifier characters. You can use alphanumeric characters including hyphen, underscore, dot, and colon. You cannot change this name after it is saved.
                                                Description field | The description of the vZone. This description can be between 1 and 256 identifier characters. You can use alphanumeric characters including hyphens, underscore, dot, and colon. You cannot change this description after it is saved.

                                                Step 7   Click the Add link in the vZone Condition area and complete the following tasks:
                                                1. In the Add vZone Condition dialog box, complete the following areas:
                                                  Name | Description
                                                  Attribute Type drop-down list | A list of attribute types. It can be one of the following attributes: Network, VM, or User Defined.
                                                  Table 12 Expression Area
                                                  Name | Description
                                                  Attribute Name | The attribute name. Depending upon the attribute type selected, a different set of choices is available.
                                                  Operator | The operator used. Depending upon the attribute type selected, a different set of choices is available.
                                                  Attribute Value | The attribute value. Depending upon the attribute type selected, a different set of choices is available.

                                                2. Click OK.
                                                Step 8   In the Add vZone dialog box, click OK.

                                                Editing a vZone

                                                Procedure
                                                  Step 1   In the Navigation pane, click the Policy Management tab.
                                                  Step 2   In the Navigation pane, click the Security Policies subtab.
                                                  Step 3   In the Navigation pane, expand root > Advanced > vZones node.
                                                  Step 4   In the Navigation pane, click the vZones node.
                                                  Step 5   In the Work pane, click the vZone you want to edit.
                                                  Step 6   Click the Edit link.
                                                  Step 7   In the Edit Zone dialog box General tab area, change the appropriate fields:
                                                  Name | Description
                                                  Name column | A list of components.
                                                  Description column | A list of component descriptions.

                                                  Step 8   In the Edit Zone dialog box vZone Conditions area, do the following:
                                                  1. Click an attribute you want to edit.
                                                  2. Click the Edit link to open the Edit Condition dialog box, and make the appropriate changes in the following fields:
                                                    Name | Description
                                                    Attribute Type drop-down list | The list you use to manage attribute types.

                                                    Table 13 Expression area
                                                    Name | Description
                                                    Attribute Name drop-down list | Contains attribute names.
                                                    Operator drop-down list | Contains operators.
                                                    Attribute Value field | Contains attribute values.

                                                  3. Click OK.
                                                  Step 9   In the Edit vZone dialog box, click OK.

                                                  Deleting a vZone

                                                  Procedure
                                                    Step 1   In the Navigation pane, click the Policy Management tab.
                                                    Step 2   In the Navigation pane, click the Security Policies subtab.
                                                    Step 3   In the Navigation pane, expand root > Advanced.
                                                    Step 4   In the Navigation pane, click the vZones node.
                                                    Step 5   In the Work pane, click the vZone you want to delete.
                                                    Step 6   Click the Delete link.
                                                    Step 7   In the Confirm dialog box, click Yes.

                                                    Deleting a vZone Condition

                                                    Procedure
                                                      Step 1   In the Navigation pane, click the Policy Management tab.
                                                      Step 2   In the Navigation pane, click the Security Policies subtab.
                                                      Step 3   In the Navigation pane, expand root > Advanced > vZones.
                                                      Step 4   In the Navigation pane, click the vZone that contains the condition you want to delete.
                                                      Step 5   In the Work pane, click the Edit link.
                                                      Step 6   In the Edit vZone dialog box, vZone Condition area, click the condition you want to delete.
                                                      Step 7   Click the Delete link.
                                                      Step 8   In the Confirm dialog box, click Yes.
                                                      Step 9   In the Edit vZone dialog box, click Apply.

                                                      Configuring Security Profile Dictionary

                                                      Adding a Security Profile Dictionary

                                                      Procedure
                                                        Step 1   In the Navigation pane, click the Policy Management tab.
                                                        Step 2   In the Navigation pane, click the Security Policies subtab.
                                                        Step 3   In the Navigation pane, expand root > Advanced > Security Profile Dictionary node.
                                                        Step 4   In the Work pane, click the Add Security Profile Dictionary link.
                                                        Note   You can create a security profile dictionary at the root or Tenant level.

                                                        Step 5   In the Add Security Profile Dictionary dialog box, complete the following fields as appropriate:
                                                        Name | Description
                                                        Name field | The name of the security profile. This name can be between 1 and 32 identifier characters. You can use alphanumeric characters including hyphen, underscore, dot, and colon. You cannot change this name after it is saved.
                                                        Description field | A description of the security profile. This description can be between 1 and 256 identifier characters. You can use alphanumeric characters including hyphens, underscore, dot, and colon. You cannot change this description after it is saved.
                                                        Policy Set drop-down list | A selectable drop-down list of policy sets.
                                                        Add Policy Set link | A link to add a policy set.
                                                        Resolved Policy Set field | A link to edit the resolved policy set.

                                                        Step 6   Click OK.

                                                        Adding a Security Profile Dictionary Attribute

                                                        Procedure
                                                          Step 1   In the Navigation pane, click the Policy Management tab.
                                                          Step 2   In the Navigation pane, click the Security Policies subtab.
                                                          Step 3   In the Navigation pane, expand root > Advanced > Security Profile Dictionary to view and select the appropriate Security Profile Dictionary_name.
                                                          Step 4   In the Work pane, click the Edit link to open the Edit Security Profile Dictionary dialog box.
                                                          Step 5   In the Edit Security Profile Dictionary dialog box, click the Add Attribute link.
                                                          Step 6   In the Add Attribute dialog box, complete the following fields:
                                                          Name | Description
                                                          Name field | The name of the Security Profile Dictionary attribute. This name can be between 1 and 32 identifier characters. You can use alphanumeric characters including hyphen, underscore, dot, and colon. You cannot change this name after it is saved.
                                                          Description field | A description of the Security Profile Dictionary attribute. This description can be between 1 and 256 identifier characters. You can use alphanumeric characters including hyphens, underscore, dot, and colon. You cannot change this description after it is saved.

                                                          Step 7   Click OK.
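
The Add dialogs for policy sets, vZones, security profile dictionaries, and dictionary attributes share the same name and description limits, and a saved name cannot be changed, so it pays to check a planned object list before typing it into the GUI. The following is an added example, not Cisco code: the kind and level labels and the sample plan are constructed, and treating "alphanumeric" as ASCII letters and digits and an omitted description as acceptable are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Character set stated in this guide: alphanumeric plus hyphen, underscore,
# dot, and colon. ASCII-only letters and digits is an assumption.
ALLOWED = re.compile(r"[A-Za-z0-9._:-]")
NAME_MAX = 32    # names: 1 to 32 characters
DESC_MAX = 256   # descriptions: 1 to 256 characters

# The guide allows a security profile dictionary only at the root or Tenant level.
DICTIONARY_LEVELS = {"root", "tenant"}


@dataclass(frozen=True)
class PlannedObject:
    kind: str                          # constructed label, e.g. "vzone", "dictionary"
    level: str                         # constructed label for the organizational level
    name: str
    description: Optional[str] = None  # None = field left empty (assumed acceptable)


def field_problems(label: str, value: str, max_len: int) -> List[str]:
    """Check one text field against the length and character rules."""
    problems = []
    if not 1 <= len(value) <= max_len:
        problems.append(f"{label} length {len(value)} is outside 1-{max_len}")
    # Test each character on its own so the report names the offenders.
    # fullmatch also catches a trailing newline that a '$'-anchored
    # pattern would let through.
    bad = sorted({ch for ch in value if not ALLOWED.fullmatch(ch)})
    if bad:
        problems.append(f"{label} has disallowed characters: {bad!r}")
    return problems


def check_object(obj: PlannedObject) -> List[str]:
    """Return every rule violation for one planned object."""
    problems = field_problems("name", obj.name, NAME_MAX)
    if obj.description is not None:
        problems += field_problems("description", obj.description, DESC_MAX)
    if obj.kind == "dictionary" and obj.level not in DICTIONARY_LEVELS:
        problems.append(f"dictionary cannot be created at level {obj.level!r}")
    return problems


def check_plan(plan: List[PlannedObject]) -> Dict[str, List[str]]:
    """Map 'kind:name' to its problems; objects that pass are omitted."""
    report = {}
    for obj in plan:
        problems = check_object(obj)
        if problems:
            report[f"{obj.kind}:{obj.name}"] = problems
    return report


# Constructed sample plan, not taken from a real deployment.
SAMPLE_PLAN = [
    PlannedObject("policy-set", "root", "web-tier_ps.v1", "Web-tier-policy-set"),
    PlannedObject("vzone", "tenant", "db zone", "Database VMs"),
    PlannedObject("dictionary", "datacenter", "app-dict"),
    PlannedObject("attribute", "tenant", "a" * 33),
    PlannedObject("vzone", "root", "dmz\n"),
]

if __name__ == "__main__":
    for key, problems in check_plan(SAMPLE_PLAN).items():
        for problem in problems:
            print(f"{key!r}: {problem}")
```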

                                                          Editing a Security Profile Dictionary

                                                          Procedure
                                                            Step 1   In the Navigation pane, click the Policy Management tab.
                                                            Step 2   In the Navigation pane, click the Security Policies subtab.
                                                            Step 3   In the Navigation pane, expand root > Advanced > Security Profile Dictionary.
                                                            Step 4   In the Work pane, click the security profile dictionary you want to edit.
                                                            Step 5   Click the Edit link.
                                                            Step 6   In the Edit Security Profile Dictionary dialog box, modify the fields as appropriate:
                                                            Name | Description
                                                            Name field | The name of the security profile dictionary. You cannot edit this field.
                                                            Description field | A description of the security profile dictionary.

                                                            Step 7   Click OK.

                                                            Editing a Security Profile Dictionary Attribute

                                                            Procedure
                                                              Step 1   In the Navigation pane, click the Policy Management tab.
                                                              Step 2   In the Navigation pane, click the Security Policies subtab.
                                                              Step 3   In the Navigation pane, expand root > Advanced > Security Profile Dictionary node.
                                                              Step 4   In the Work pane, click the security profile dictionary that contains the attribute you want to edit.
                                                              Step 5   Click the Edit link.
                                                              Step 6   In the Edit Security Profile Dictionary dialog box, Attributes area, click the attribute you want to edit.
                                                              Step 7   Click the Edit link.
                                                              Step 8   In the Edit Attribute dialog box, modify the following fields as appropriate:
                                                              Name | Description
                                                              Name field | The name of the security profile dictionary attribute.
                                                              Description field | A description of the security profile dictionary attribute.

                                                              Step 9   Click OK.
                                                              Step 10   In the Edit Security Profile Dictionary dialog box, click OK.

                                                              Deleting a Security Profile Dictionary

                                                              Procedure
                                                                Step 1   In the Navigation pane, click the Policy Management tab.
                                                                Step 2   In the Navigation pane, click the Security Policies subtab.
                                                                Step 3   In the Navigation pane, expand root > Advanced > Security Profile Dictionary node.
                                                                Step 4   In the Work pane, click the security profile dictionary you want to delete.
                                                                Step 5   Click the Delete link.
                                                                Step 6   In the Confirm dialog box, click OK.

                                                                Deleting a Security Profile Dictionary Attribute

                                                                Procedure
                                                                  Step 1   In the Navigation pane, click the Policy Management tab.
                                                                  Step 2   In the Navigation pane, click the Security Policies subtab.
                                                                  Step 3   In the Navigation pane, expand root > Advanced > Security Profile Dictionary.

                                                                  In the Navigation pane, click the dictionary that contains the attribute you want to delete.

                                                                  Step 4   In the Work pane, click the Edit link.
                                                                  Step 5   In the Edit Security Profile Dictionary dialog box, Attributes area, click the attribute you want to delete.
                                                                  Step 6   Click the Delete link.
                                                                  Step 7   In the Confirm dialog box, click OK.